jenkins fortify vulnerabilities and exploits
NA
CVE-2023-4301
A cross-site request forgery (CSRF) vulnerability in Jenkins Fortify Plugin 22.1.38 and previous versions allows malicious users to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenki...
Jenkins Fortify
NA
CVE-2023-4302
A missing permission check in Jenkins Fortify Plugin 22.1.38 and previous versions allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenki...
Jenkins Fortify
NA
CVE-2023-4303
Jenkins Fortify Plugin 22.1.38 and previous versions do not escape the error message for a form validation method, resulting in an HTML injection vulnerability.
Jenkins Fortify
4
CVSSv2
CVE-2020-2107
Jenkins Fortify Plugin 19.1.29 and previous versions store proxy server passwords unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Fortify
4
CVSSv2
CVE-2022-25188
Jenkins Fortify Plugin 20.2.34 and previous versions do not sanitize the appName and appVersion parameters of its Pipeline steps, allowing attackers with Item/Configure permission to write or overwrite .xml files on the Jenkins controller file system with content not controllab...
Jenkins Fortify
4
CVSSv2
CVE-2018-1000607
An arbitrary file write vulnerability exists in Jenkins Fortify CloudScan Plugin 1.5.1 and previous versions in ArchiveUtil.java that allows attackers able to control rulepack zip file contents to overwrite any file on the Jenkins master file system, only limited by the permission...
Jenkins Fortify Cloudscan
4.3
CVSSv2
CVE-2020-2203
A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and previous versions allows malicious users to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
Jenkins Fortify On Demand
5.5
CVSSv2
CVE-2020-2204
A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and previous versions allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
Jenkins Fortify On Demand
4
CVSSv2
CVE-2020-2202
A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and previous versions in form-related methods allowed users with Overall/Read access to enumerate credentials IDs of credentials stored in Jenkins.
Jenkins Fortify On Demand
4
CVSSv2
CVE-2019-10449
Jenkins Fortify on Demand Plugin stores credentials unencrypted in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission, or access to the master file system.
Jenkins Fortify On Demand